To use Cyware you must have cookies enabled. By Registering or Signing in, you agree to our Terms and Privacy Policy. You can also signup using Google Account. We will not use your credentials to import contacts or post anything on your account without your permission.For more info, please see Login FAQ.

The site caters to around half a million customers who can place bets on soccer, tennis and horse-racing.

Security researchers have discovered that British betting site BetVictor has inadvertently exposed internal administrative logins and plaintext passwords to the internet.

BetVictor boasts of catering to over half a million customers who can place bets on sports such as tennis, soccer and horse-racing. The site is also a partner of Liverpool FC, one of the most popular English premier league football teams.

Admin passwords exposed

According to independent security researcher Chris Hogben, who discovered the breach, the betting site allowed anyone to see confidential data, including admin passwords, simply by browsing the website and searching for the word “admin”.

“With access to any of these systems, it may be possible to access sensitive company information and potentially even user-specific data,” Hogben wrote in his blog. “It should also be noted that this was just one document located within the BetVictor knowledge base. With more extensive searching, further documents may have been discovered containing even more confidential data.”

“With the World Cup taking place at the moment, I'd imagine more people are using betting sites than usual,” Hogben told Motherboard. “Having administrator access so readily available to anyone puts the safety of those users’ details at risk. Who knows what could have been done by a bad actor.”

BetVictor probing the breach

It is still unclear how long the flaw has been live on the site and whether it has been accessed by any malicious actors.

“What we can say is that the information was from an internal help section that was available for our Customer Service Teams in 2015,” BetVictor told Hogben.

The company is yet to specify whether the data was also accessed by any other third-parties.

However, BetVictor claimed that since discovering the breach, it has disabled its help center and blocked external access to any systems. The company said that it is still investigating the details of the attack.

Who we are

Cyware is a first-of-its-kind, comprehensive cyber situational awareness platform, designed to help you stay informed about the latest happenings in the cyber world with expertly curated news stories and updates.

Our Technology

Let IBM's Watson Find the Right News For You

The cyber threat landscape is changing rapidly, and cybersecurity news has claimed its spot on the front pages in recent months. It's not easy to find the right information from tens of thousands of cyber news articles and feeds published every day. Our machine learning based curation engine brings you the most relevant cyber content based on your needs.

Receive Daily Cyber News in Your Inbox

From the latest cyber security trends and innovations to new malware, vulnerabilities and threat intelligence, we bring you the most up-to date and relevant cyber updates and news alerts.